let counta = 0;  // calls that returned without throwing
let countb = 0;  // calls that threw

function ftlFunction(callee) {
    callee("hello");
    counta++;
}

ftlFunction(Math.abs);

for (var i = 0; i < 1000; ++i) {
    try {
        ftlFunction(Int8Array);
    } catch (e) {
        countb++;
    }
}

print(counta, countb);

With the above script as input to JSC, run JSC with the following parameters:

./jsc test.js --useConcurrentJIT=0 --jitPolicyScale=1

Int8Array("hello") should throw an exception. But in JIT, it does not throw an exception.

The problem is in DFGByteCodeParser: the bytecode call is directly inlined as a NewTypedArray node. In this way, Int8Array("hello") generates a typed array instead of throwing an exception.

The execution trace is handleCall -> handleInlining -> handleCallVariant -> handleConstantInternalFunction -> handleTypedArrayConstructor in DFGByteCodeParser.cpp.
<rdar://problem/99270956>
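
A regression check for the behaviour described above, written as an added example (it is not part of the original report or of WebKit's test suite). It generalizes the report's Int8Array case to the other typed array constructors and reports the first iteration at which a call without `new` stopped throwing TypeError; the function names are hypothetical, and under JSC it is meant to be run with the same flags as the report's script.

```javascript
// Added example: constructed check, not taken from the WebKit test suite.
const TYPED_ARRAY_CTORS = [
  Int8Array, Uint8Array, Uint8ClampedArray, Int16Array, Uint16Array,
  Int32Array, Uint32Array, Float32Array, Float64Array,
];

// Same shape as the report's ftlFunction: one call site, callee invoked without `new`.
function callWithoutNew(callee) {
  return callee("hello");
}

// Calls `callee` through the shared call site `iterations` times and summarizes
// every iteration whose outcome was anything other than a thrown TypeError.
function checkCallee(callee, iterations) {
  const summary = { count: 0, firstIteration: -1, firstOutcome: null };
  for (let i = 0; i < iterations; ++i) {
    let outcome = null;
    try {
      const value = callWithoutNew(callee);
      outcome = "returned " + Object.prototype.toString.call(value);
    } catch (e) {
      if (!(e instanceof TypeError)) outcome = "threw " + String(e);
    }
    if (outcome !== null) {
      if (summary.count === 0) {
        summary.firstIteration = i;
        summary.firstOutcome = outcome;
      }
      summary.count++;
    }
  }
  return summary;
}

// Returns a map of constructor name -> summary for constructors that misbehaved.
function checkAllTypedArrays(iterations) {
  callWithoutNew(Math.abs); // warm the call site with a plain function first, as the report does
  const bad = {};
  for (const ctor of TYPED_ARRAY_CTORS) {
    const summary = checkCallee(ctor, iterations);
    if (summary.count > 0) bad[ctor.name] = summary;
  }
  return bad;
}

const result = checkAllTypedArrays(1000); // loop count taken from the report's script
const log = typeof print === "function" ? print : console.log; // jsc shell has print()
log(Object.keys(result).length === 0 ? "PASS" : "FAIL " + JSON.stringify(result));
```

On an engine with the inlining problem, the FAIL line names the constructor and the iteration at which the call first returned an object, which indicates when the optimized code took over.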